DragonFly kernel List (threaded) for 2008-06
DragonFly BSD
DragonFly kernel List (threaded) for 2008-06
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: GSoC 2008 dma enhancements


From: Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date: Wed, 11 Jun 2008 23:49:30 +0200
Mail-followup-to: kernel@crater.dragonflybsd.org

On Wed, Jun 11, 2008 at 05:36:25PM -0400, strangepics wrote:
> Also, for this, or any other service where security counts I would highly 
> recommend using a safe, easy to use string library such as the one included 
> in  libowfat: http://www.fefe.de/libowfat/

Now the next fanboy. *sigh*

> The standard C string functions, as the history continues to prove us (and 
> we continue to ignore it), SUCK for writing secure software. You don't want 
> to end up with either buffer overflows or string escape vulnerabilities, 
> etc.

. ..and people forget that a lot of thought has been put into this. But
some of the very basic ideas (strlcpy and strlcat) are still ignored by
the glibc folks. asprintf is another example that simplifies correct
string processing a lot. All those examples follow the spirit of the C
standards and don't aim at replacing them. I'm not even sure what you
mean with string escape vulnerabilities, but if you mean the super
class of SQL injection and similiar issues, there is no 100% solution.
It doesn't even have a good automatic solution.

Joerg



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]